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METHOD AND APPARATUS FOR STORAGE OF USERNAMES IN 

PORTABLE MEMORY 

BACKGROUND OF THE INVENTION 
Field of the Invention 

[0001] The present invention relates generally to electronic password 

protection. Particularly, the present invention relates to the storing of electronic 
passwords in a portable memory device. 

Description of the Related Art 

[0002] With the increasing use of the Internet for commercial purposes, the 

average consumer is being overwhelmed with "usernames" and their associated 
passwords. For example, to log on to an Internet news site, the consumer may have to 
generate their own six to twelve character username as well as a password. These 
phrases must then be used whenever the consumer wishes to log on to that particular 
web site. 

[0003] Most web sites require or at least strongly suggest the use of usernames 

and passwords. Financial transactions, in the interest of security, require such 
protection. This causes the consumer to face many problems associated with 
username and password use. 

[0004] For example, the web site may generate a username and/or password 

for the consumer. These phrases are typically very cryptic, making them difficult to 
remember. 

[0005] If the consumer desires to access dozens of web sites that require 

usernames and passwords, he or she must track each of these sites and its associated 
username/password. The consumer may decide to write the information down. 
However, losing this information would then leave the protected information 
vulnerable to misuse. For example, if the consumer lost his or her username and 
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password for Internet banking, those accounts may be accessed by whoever finds the 
codes. 

[0006] For convenience, the consumer may decide to make all of his or her 

username/passwords the same for each web site. However, various web sites have 
different rules for the generation of such protection. One site may require that the 
password be only four characters and include at least one number. If the consumer has 
already generated a generic password for other sites that is six alphabetic characters in 
length, this will cause the consumer to generate and track the new password. There is 
a resulting need for a portable memory device that stores and protects all of a 
consumer's usernames and password protection information. 

SUMMARY OF THE INVENTION 

[0007] The memory card of the present invention provides a consumer with 

encrypted, portable storage capability for all of their usernames and associated 
passwords. After the data is unlocked and/or decrypted, the username and associated 
password is provided to the requesting universal resource locator (URL) through an 
electronic device's browser software. 

[0008] The memory card comprises memory that stores the plurality of 

usernames and each username' s respective password. Each username and password is 
associated with a predetermined network address or URL. An input/output device or 
bus interface couples the card to an electronic device, such as a computer, PDA, or 
cellular telephone, to allow access to the memory from that electronic device. 
[0009] A controller is coupled to both the memory and the input/output 

device. The controller is a processor or microcontroller that controls the operation of 
the smart memory card. The controller runs processes that permits or denies access to 
the information stored in the memory. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0010] FIG. 1 shows a block diagram of a memory card of the present 

invention. 
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[0011] FIG. 2 shows an embodiment of the memory card of the present 

invention as used with a cellular telephone. 

[0012] FIG. 3 shows another embodiment of the memory card of the present 

invention as used with a personal digital assistant. 

[0013] FIG. 4 shows a flowchart of a memory card access process of the 

present invention. 

[0014] FIG. 5 shows a flowchart of a memory card electronic cash process of 

the present invention. 

[0015] FIG. 6 shows an example of a username/password table of the present 

invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

[0016] The present invention provides for safe storage and easy recall of 

usernames along with their associated passwords or personal identification numbers 
(PIN). The stored information is encrypted to provide security against invalid access 
if the smart memory card is lost. 

[0017] FIG. 1 illustrates a block diagram of the memory card apparatus (100) 

of the present invention. The apparatus is comprised of memory (110) for storing the 
usernames and their associated passwords. In the preferred embodiment, the memory 
(1 10) is a flash memory that stores data even after power has been removed. Alternate 
embodiments use other memory technologies such as micro hard drives. 
[0018] An input/output device (115) couples the memory card to another 

electronic device, as described subsequently in reference to the embodiments of FIGs. 
2 and 3. In the preferred embodiment, the input/output device (115) is a universal 
serial bus (USB) compliant interface. Alternate embodiments use other types of bus 
interfaces such as a Personal Computer Memory Card International Association 
(PCMCIA) compliant bus interface or a Fire Wire (IEEE 1394) compliant bus 
interface. 

[0019] The USB and PCMCIA bus structures provide the data paths necessary 

for the memory card to communicate with any device to which it is coupled. The bus 
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also provides the power required to operate the memory card so that a separate power 
supply is not required. 

[0020] In the preferred embodiment, the memory card is controlled by a 

controller (105) such as a microprocessor or microcontroller. The controller (105) is 
coupled to the memory (110) and the input/output device (115) in order to control 
access to the memory by any electronic devices coupled to the input/output device 
(115). The controller (105) performs the processes of the present invention that 
encrypt, decrypt, and verify the validity of any access requests to the memory (110). 
[0021] In alternate embodiments, the controller functions are performed by the 

device to which the memory card is coupled. For example, if the memory card is 
coupled to the USB port of a cellular telephone, the cellular telephone's processor 
provides the necessary control to store and recall the usernames and their associated 
passwords. 

[0022] FIG. 2 illustrates one use of the memory card apparatus (100) of the 

present invention. This embodiment couples the apparatus (100) to a portable 
radiotelephone (200) such as a cellular telephone. In the preferred embodiment, the 
cellular telephone (200) is Wireless Access Protocol (WAP) compliant so that a user 
can access the Internet using the telephone (200). 

[0023] In this embodiment, the WAP-compliant telephone (200) has a large 

screen (210) to display Internet pages. The keypad (215) is used to enter telephone 
numbers or other data and to control a cursor on the screen (210). The memory card 
(100) is inserted into an expansion port (205) on the telephone. In this embodiment, 
the expansion port (205) is shown on the top of the telephone (200). However, this 
port (205) can be located anywhere on the telephone (200). 

[0024] Once inserted into the expansion port (205), the electrical contacts on 

both the telephone (200) and the memory card (100) are mechanically connected. This 
connection enables the controller of the telephone (200) to communicate with the 
controller of the smart memory card (100). 

[0025] The communication between the telephone (200) and the memory card 

(100) includes the telephone (200) being able to write to the smart memory card as 
well as read from it. For example, when a consumer accesses a web page for the first 
time it may request a username and password. Since the consumer has not entered a 
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username and password for this web page, the consumer uses the keypad (215) to 
enter this data. The telephone's browser or operating system then stores both the 
username and password with the URL of the web page into the memory card's 
memory. 

[0026] In the preferred embodiment, the expansion slot (205) on the telephone 

(200) is a USB port. In this case, the connector on the smart memory card (100) is 
also a USB connector. Alternate embodiments use other types of connectors and 
interfaces such as PCMCIA and FireWire. 

[0027] The USB port of the telephone (200) transfers the power required for 

operation of the smart memory card (100). This enables the smart memory card to run 
off the telephone (200) battery and permits the smart memory card to be smaller and 
lighter than if a battery was required. 

[0028] FIG. 3 illustrates another use of the present invention. This 

embodiment couples the memory card apparatus (100) to a personal digital assistant 
(PDA) (300). An example of a personal digital assistant is PALM COMPUTING'S 
PALM M505. Such a PDA (300) has an expansion port (310) that is used to couple 
the smart memory card's bus interface to the PDA. 

[0029] The PDA (300) is comprised of a large touchscreen (305) to display 

Internet web pages as well as other information. The touchscreen (305) is also used to 
enter and display information such as to access the smart memory card's memory and 
to write additional usernames and passwords with their corresponding URLs, as 
discussed above in the embodiment of FIG. 2. 

[0030] Both of the embodiments illustrated in FTGs. 2 and 3 use an expansion 

slot (USB port) into which the memory card is inserted. However, in another 
embodiment, a cable is used to connect the memory card to the electronic device. 
[0031] While the embodiments discussed above use the memory card of the 

present invention with portable electronic devices, the memory card can also be 
coupled to a desktop computer to perform the same function. 

[0032] Most modern computers are equipped with USB ports to enable 

peripherals to communicate with the computer. When the memory card is coupled to 
the computer's USB port, the computer's operating system goes through an automatic 
recognition process to load the driver for the memory card. This driver can be 
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provided in the operating system by the operating system manufacturer, downloaded 
off of the Internet, or loaded into the computer or other electronic device through a 
computer connection. 

[0033] FIG. 4 illustrates a flowchart of a memory card access process of the 

present invention. The memory card is coupled to the electronic device (e.g., 
telephone, PDA, computer) through the bus interface (step 401). The electronic device 
then attempts recognition of the memory card (step 403) by a process that loads the 
driver for the card. As discussed above, this driver is either part of the electronic 
device's operating system or loaded separately (i.e., by connecting the electronic 
device to a computer and downloading the driver). 

[0034] The consumer then enters a request to access the memory card's 

memory (step 405). In the preferred embodiment, the consumer simply enters a 
password or PIN to unlock the card and/or decrypt the information stored in memory. 
Alternate embodiments use other forms of access requests such as a digitized scan of 
a fingerprint or a digitized scan of a retina. 

[0035] If the memory card is comprised of a controller, it checks for a valid 

password, PIN, or digitized scan by comparing the input information with a 

previously stored file (step 410). If the device to which the memory card is coupled is 

performing the control function, that device checks for the valid password. 

[0036] If the input access request is not valid (step 415), an error indication is 

generated (step 420). This indication can include a tone, an error display on the 

electronic device, or any other way to indicate the error condition. 

[0037] If the input access request is valid (step 415), the controller of the 

memory card decrypts the memory contents (step 425). This step may include 

decrypting the entire memory contents or simply decrypting the information as the 

electronic device requests it. 

[0038] The memory card then receives a password request from a network 

address (e.g., URL) (step 430). The memory card controller then looks up the URL in 
memory to determine if the URL is present in the memory card and has an associated 
username and password. If the URL is valid, the decrypted username and password 
are transmitted to the requesting address (step 435). 
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[0039] While the embodiments discussed above use the memory card as a 

storage device for usernames, passwords, and the associated URLs, an alternate 
embodiment uses the card as an electronic cash storage device or other monetary 
account information. The consumer can set up an account with an Internet banking 
service such that the banking service can charge the consumer's credit card or debit a 
bank account. When the consumer accesses the service's web page, the monetary 
value stored in the smart memory card can be increased to an amount agreed upon 
between the consumer and the Internet banking service. 

[0040] Once the memory card has a stored monetary value, the consumer can 

access Internet shopping pages that accept the smart memory card's monetary 
information as payment. Once the consumer has entered the check-out page of the 
website, the amount of the purchase is deducted from the smart memory card. 
[0041] FIG. 5 illustrates a flowchart of the alternate embodiment process in 

which the memory card is an electronic cash device. The memory card is coupled to 
the electronic device (e.g., telephone, PDA, computer) through the bus interface (step 
501). The electronic device then attempts recognition of the memory card (step 503) 
by a process that loads the driver for the card. 

[0042] The consumer then enters a request to access the memory card's 

memory (step 505). In the preferred embodiment, the consumer simply enters a 
password or PIN to unlock the card and/or decrypt the information stored in memory. 
Alternate embodiments use other forms of access requests such as a digitized scan of 
a fingerprint or a digitized scan of a retina. 

[0043] The memory card controller checks for a valid password, PIN, or 

digitized scan by comparing the input information with a previously stored file (step 
510). If the input access request is not valid (step 515), an error indication is 
generated (step 520). This indication can include a tone, an error display on the 
electronic device, or any other way to indicate the error condition. 
[0044] If the input access request is valid (step 515), the controller of the 

memory card decrypts the memory contents (step 525). This step may include 
decrypting the entire memory contents or simply decrypting the payment information 
as the electronic device requests it. 
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[0045] The memory card then receives the request for payment from the web 

page or other network address (step 530). The memory card controller compares the 
funds available with the amount of the payment request to determine if sufficient 
funds are available to complete the transaction (step 531). If there are not sufficient 
funds available (step 531), an error indication is generated (step 520). 
[0046] If sufficient funds are available (step 531), the decrypted electronic 

cash payment data, such as account number and value, are transmitted to the 
requesting web site (step 535). The controller then reduces the stored funds by the 
amount transmitted (step 540). 

[0047] In the preferred embodiment, the username and password information 

stored in the memory card is stored in a table format, as illustrated in FIG. 6. For 
example, the first column of data (601) lists the URLs. The second column of data 
(602) lists the usernames associated with each URL. The third column of data (603) 
lists the associated passwords. Therefore, each row of data (610) is a URL, its 
associated username, and the username's associated password or PEN. 
[0048] When an accessing device reads the memory to access a username and 

password, the accessing device goes through the list of URLs to find the appropriate 
one. Once the URL is found, the username and password are now available. 
[0049] In one embodiment, the URLs are stored in the format show in FIG. 6. 

Alternate embodiments store the IP addresses for each desired location. 
[0050] The memory card may further act as a "key" in accessing certain 

URLs. For example, a Web site may allow only certain subscribers to access a page. 
To limit access by only the subscribers, the memory card must be present in the 
computer, PDA, or telephone so that the Web site can issue instructions in HTML to 
the computer to access the memory card for the appropriate username and password. 
[0051] In the memory card may be stored a username and password that are 

each hundreds of bytes in length such that memorizing them would be almost 
impossible. This would increase the Web site's defense to "hackers" who go through 
all possible combinations of a password or username in order to gain access. 
[0052] The "key" concept can also be used in the electronic cash embodiment 

of FIG. 5. If the memory card with the proper funds, username, and password is not 
detected by the Web site that is being accessed, the transaction is not allowed. 
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[0053] 



In summary, the present invention provides a consumer with 



encrypted, portable storage capability for all of their usernames and associated 
passwords. The memory card of the present invention enables the consumer to enter 
one password to unlock and/or decrypt the contents of the card. When the card 
receives a valid password request from a known URL, it transmits the corresponding 
username and password to access the web page. 
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